Chapter 31: Cryptography and Network Security
Modern Symmetric Key Ciphers
Modern symmetric-key ciphers are bit-oriented; data are converted into a stream of bits to be encrypted and sent.
RSA Digital Signature Scheme
The signing and verifying sites use the same function, but with different parameters. The verifier compares the message and the output of the function for equality in modulo arithmetic, and accepts the message if both digests are the same.
Multiple KDCs
When the number of people using a KDC increases, the system becomes unmanageable and a bottleneck can result. To solve this, we need to use multiple KDCs. The world is divided into domains. Each domain can have one or more KDCs (for redundancy).
Transposition Cipher
A cipher that reorders (transposes) symbols. The same key is used for encryption and decryption, but the algorithm uses the key in reverse order.
Certification Authority (CA)
A federal or state organization that binds a public key to an entity and issues a certificate. The CA itself has a well-known public key that cannot be forged. The CA signs the certificate with its private key to prevent forgery. Now, the public-key certificate can be advertised safely.
Message Digest
A message is passed through a cryptographic hash function to create a compressed image called a digest, which can be used like a fingerprint. To check message integrity, the receiver can run the cryptographic hash function again and compare the digest with the previous one. The message digest itself needs to be safe from change.
Symmetric-Key Agreement
A method for generating session keys without using a KDC. One such method is Diffie-Hellman.
Data Encryption Standard (DES)
A symmetric block cipher that uses a 56-bit cipher key and encrypts data in 64-bit blocks.
Entity Authentication
A technique designed to let one party (verifier) verify the identity of another party (claimant) in real time. Afterward, the claimant is verified for the duration of their session.
Key Distribution Center (KDC)
A trusted third party for key distribution. Creates a secret key used b/w a party and the KDC. The KDC uses the two parties' keys to generate a session key for the duration of communication.
RSA Cryptosystem
An asymmetric-key cryptosystem that uses 2 exponents, e and d, where e is public and d is private (see image for details). An attacker cannot decrypt the message if p and q are very large numbers and they do not know d. Misc.: RSA is very slow if the message is long. It is used for digital signatures and other cryptosystems that often need to encrypt a small message w/o having access to a symmetric key. It is also used for authentication.
Using a Symmetric-Key Cipher (Challenge-Response)
An encryption algorithm is applied on the challenge using a shared secret key.
Need for Both Asymmetric- and Symmetric-Key Cryptography
Asymmetric-key cryptography, which uses mathematical functions for encryption and decryption, is much slower than symmetric-key cryptography. For encipherment of large messages, symmetric-key cryptography is still needed. On the other hand, the speed of symmetric-key cryptography does not eliminate the need for asymmetric-key cryptography. Asymmetric-key cryptography is still needed for authentication, digital signatures, and secret-key exchanges.
Signing the Digest (Digital Signature)
Asymmetric-key cryptosystems are very inefficient for long messages. To solve this for digital signatures, the message digest is signed instead. A carefully selected message digest has a one-to-one relationship with the message.
Combination of Stream Ciphers and Block Ciphers
In practice, blocks of plaintext are encrypted individually, but they use a stream of keys to encrypt the whole message block by block. In other words, the cipher is a block cipher when looking at the individual blocks, but it is a stream cipher when looking at the whole message, considering each block as a single unit. Each block uses a different key that may be generated before or during encryption.
Traditional Symmetric-Key Ciphers (2 of 2)
However, the literature divides symmetric ciphers into 2 broad categories: 1. Stream Ciphers 2. Block Ciphers
Using an Asymmetric-Key Cipher (Challenge-Response)
The verifier encrypts the challenge using the claimant's public key; the claimant decrypts it using its private key.
Security Goals
There are 3 security goals: 1. Confidentiality - Data must be secured against unauthorized access both in storage and during transmission. Can be achieved using ciphers (discussed later). 2. Integrity - Changes to data must be done only by authorized entities and via authorized mechanisms. 3. Availability - Data must be accessible to authorized entities.
Digital Signature Standard (DSS)
A more secure, but complicated digital signature scheme.
Public-Key Distribution
Only public keys need to be shared. Each party keeps their private key hidden. The naïve approach is public announcement - a public key is advertised freely. However, this approach is subject to forgery. The common approach is to create public-key certificates with a certification authority (CA).
Using a Digital Signature (Challenge-Response)
The claimant uses their private key for signing the challenge.
Key Generation (DES)
A round-key generator creates 16 48-bit keys using the 56-bit cipher key as input. However, the cipher key is normally given as a 64-bit key in which 8 extra bits are the parity bits, which are dropped before the actual key-generation process.
Symmetric-Key Distribution
Any two parties need a shared secret key. There are two issues with this. 1. The number of keys can be large. To communicate with N people, a party needs N keys. For bidirectional communication, N(N - 1) keys are needed if we require one key for each direction, or N(N-1)/2 if we require one key for both directions. 2. The distribution of keys is also a problem, as a secure channel is needed. To solve the above issues, we use a key distribution center (KDC).
Function (DES)
Applies a 48-bit key to the rightmost 32 bits (R_i−1) to produce a 32-bit output. This function is made up of 4 sections: 1. Expansion P-box - Since R_i−1 is a 32-bit input and K_i is a 48-bit key, we first need to expand R_i−1 to 48 bits using a predetermined rule. 2. Whitener - Uses the XOR operation on the expanded right section and the round key. 3. Group of S-boxes - The S-boxes do the real mixing. DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output. 4. Straight P-box - Performs a straight permutation with a 32-bit input and a 32-bit output.
Steganography
Concealing data itself by covering it with something else.
Stream Cipher
Encryption and decryption are done one symbol at a time. Uses a plaintext stream, ciphertext stream, and a key stream.
Encryption/Decryption (Asymmetric-Key Cryptography)
Encryption and decryption in asymmetric-key cryptography are mathematical functions applied over the numbers representing the plaintext and ciphertext. The ciphertext can be thought of as C = f (K_public, P); the plaintext can be thought of as P = g (K_private, C). The encryption function f is used only for encryption; the decryption function g is used only for decryption.
Message Authentication Code
Provides message integrity and authentication using a combination of a hash function and a secret key to protect the digest.
Plaintext/Ciphertext (Asymmetric-Key Cryptography)
Unlike in symmetric-key cryptography, plaintext and ciphertext in asymmetric-key cryptography are treated as integers. The message must be encoded as an integer (or a set of integers) before encryption; the integer (or the set of integers) must be decoded into the message after decryption. Asymmetric-key cryptography is normally used to encrypt or decrypt small pieces of information, such as the cipher key for symmetric-key cryptography.
Attacks Threatening Integrity
1. Modification - Attacker modifies the data to make it beneficial to themselves. Can also delay or delete the data. 2. Masquerading - Attacker impersonates somebody else. Also known as spoofing. 3. Replaying - An attacker obtains a copy of a message sent by a user and later tries to replay (reuse) it. 4. Repudiation - Either done by sender or receiver. The sender might deny that they have received a message; the receiver of the message might deny that they have received the message.
One-Time Pad Cipher
A modern block cipher that uses a key stream that is randomly chosen for each encipherment. The encryption and decryption algorithms each use a single XOR operation. Based on properties of the XOR operation, the encryption and decryption algorithms are inverses of each other. XOR is used one bit at a time. Also requires a secure channel to send the key stream sequence. Misc.: Difficult to achieve due to needing to agree on a random key. Feasible, less secure versions exist (i.e., feedback shift register).
Monoalphabetic Cipher
A symbol in plaintext is always changed to the same symbol in ciphertext regardless of its position in the text. The simplest monoalphabetic cipher is the additive cipher.
Diffie-Hellman Key Agreement
A symmetric-key agreement method. First, two parties choose two numbers, p and g. (The numbers can be public.) The steps are as follows: 1. Party A chooses a large random number x such that 0 ≤ x ≤ p - 1 and calculates R1 = g^x mod p. Party B chooses another large random number y such that 0 ≤ y ≤ p - 1 and calculates R2 = g^y mod p. 2. Party A sends R1 to Party B. 3. Party B sends R2 to Party A. 4. Party A calculates K = R2^x mod p. Party B also calculates K = R1^y mod p. K is the symmetric key for the session: K = g^(xy) mod p.
Cryptography
Any techniques that transform messages to secure them against attacks. In the past, cryptography meant encryption and decryption of data using secret keys. Today, cryptography involves 3 distinct mechanisms: 1. Symmetric-Key Encipherment 2. Asymmetric-Key Encipherment 3. Hashing
Session Keys
Creating a session key using a KDC is done as follows: 1. Party A requests a symmetric session key b/w Party B and themselves. 2. The KDC receives the request and creates a ticket. The ticket is encrypted using Party B's key (KB). The ticket contains the identities of Party A and Party B and the session key. The ticket, with a copy of the session key, is sent to Party A. Party A decrypts the message and extracts the session key. Party A is authenticated, as only they can decrypt the message using their secret key. 3. Party A sends the ticket to Party B. Party B opens the ticket and knows that Party A needs to send messages using the session key. Party B is authenticated, as only they can decrypt the ticket using their secret key. Both parties are now authenticated via the KDC. A session key between two parties is used only once.
Rounds (DES)
DES uses 16 rounds. Each round of DES is an invertible transformation. The round takes L_i−1 and R_i−1 from the previous round (or the initial P-box) and creates L_i and R_i, which go to the next round (or final P-box). Each round can have up to 2 invertible cipher elements (mixer and swapper). The swapper swaps the left half of the text with the right half. All noninvertible elements are collected inside the function f(R_i−1, K_i).
Polyalphabetic Cipher
Each occurrence of a character may have a different substitute (one-to-many). Each ciphertext symbol is dependent on both the corresponding plaintext symbol and its position in the message. This requires a key stream in which k_i is used to encipher the ith symbol in the plaintext to create the ith symbol in the ciphertext. A simple polyalphabetic cipher is the autokey cipher. Misc.: Has the advantage of hiding the letter frequency of the underlying message.
Modern Stream Ciphers
Encryption and decryption are done r bits at a time. We have a plaintext bit stream, a ciphertext bit stream, and a key bit stream, in which p_i, c_i, and k_i are r-bit words. Encryption is c_i = E (k_i, p_i), and decryption is p_i = D (k_i, c_i). Stream ciphers are faster than block ciphers. The hardware implementation of a stream cipher is also easier. When we need to encrypt binary streams and transmit them at a constant rate, a stream cipher is the better choice to use. Stream ciphers are also more immune to the corruption of bits during transmission. The simplest, most secure type of synchronous stream cipher is called the one-time pad.
Challenge-Response (Entity Authentication)
The claimant applies a function to a challenge (time-varying value) and sends the response (the result) to the verifier to prove their identity. This avoids sending a password, which is prone to attack.
X.509
The most widely accepted format for public-key certificates.
Symmetric-Key Cipher
Uses the same key for both encryption and decryption, and the key can be used for bidirectional communication. Plaintext is encrypted into ciphertext using an encryption algorithm and a shared key. Ciphertext is decrypted using a decryption algorithm and the same shared key. Encryption and decryption algorithms are called ciphers. A key is a set of values (numbers) that the cipher, as an algorithm, operates on. Misc.: Also called secret-key ciphers.
Attacks Threatening Confidentiality
1. Snooping - Unauthorized access to or interception of data. 2. Traffic Analysis - Monitoring online traffic to guess the contents of data and the nature of its transmission.
Substitution Cipher
A cipher that substitutes one symbol for another. There are 2 types: 1. Monoalphabetic Ciphers 2. Polyalphabetic Ciphers
Block Cipher
A group of plaintext symbols of size m > 1 is encrypted together, creating a group of ciphertext of the same size. A single key is used to encrypt the whole block even if the key is made of multiple values. In a block cipher, a ciphertext block depends on the whole plaintext block.
Modern Block Cipher
A modern symmetric-key cipher that encrypts an n-bit block of plaintext or decrypts an n-bit block of ciphertext using a k-bit key. If the message has fewer than n bits, then padding is added to make it an n-bit block; if the message has more than n bits, then it should be divided into n-bit blocks (w/ padding added to the last block if necessary). Misc.: Common values for n are 64, 128, 256, and 512 bits.
Additive Cipher
A monoalphabetic cipher where each symbol is assigned a numerical value. The encryption algorithm adds the key to the plaintext symbol; the decryption algorithm subtracts the key from the ciphertext. All operations are done in modulo 26. Vulnerable to attacks using exhaustive key searches (brute-force attacks) b/c the key domain of the cipher is very small. A better solution is to create a mapping b/w each plaintext symbol and the corresponding ciphertext symbol. Misc.: Also known as shift cipher and Caesar cipher.
Autokey Cipher
A polyalphabetic cipher where the key is a stream of subkeys, in which each subkey is used to encrypt the corresponding symbol in the plaintext. The first subkey is a predetermined value secretly agreed upon b/w two parties using a secure channel. The second subkey is the value of the first plaintext symbol, the third subkey of the second plaintext symbol, etc. Misc.: Autokey implies that the subkeys are automatically created from the plaintext cipher symbols during the encryption process.
Security Attacks
Actions that compromise the security of data. Attacks can be categorized into 3 groups related to the security goals: 1. Threats to confidentiality. 2. Threats to integrity. 3. Threats to availability.
Nonrepudiation (Digital Signature)
Can use a trusted third party to provide nonrepudiation.
Verification Categories (Entity Authentication)
Claimants need one of 3 witnesses to verify themselves: 1. Something Known - Only known by the claimant (password, PIN, secret key, private key). 2. Something Possessed - Something to prove the claimant's identity (passport, driver's license, ID card, credit card). 3. Something Inherent - An inherent characteristic of the claimant (conventional signature, fingerprints, voice, facial characteristics).
Attacks Threatening Availability
Denial of Service (DoS) - Attacker slows or interrupts a system's service. An attacker can use several strategies: 1. Send fake messages to overload and crash a server. 2. Intercept and delete a server's response to a client. 3. Intercept requests from clients, forcing the client to send requests many times and overload the server.
Components of a Modern Block Cipher
Modern block ciphers are substitution ciphers when seen as a whole block. However, modern block ciphers are not designed as a single unit. To provide an attack-resistant cipher, a modern block cipher is made of a combination of transposition units (sometimes called P-boxes), substitution units (sometimes called S-boxes), and exclusive-OR (XOR) operations, as well as shifting, swapping, splitting, and combining elements. We can find 3 types of P-boxes in modern block ciphers: 1. Straight P-boxes 2. Expansion P-boxes 3. Compression P-boxes. An S-box can have a different number of inputs and outputs. We use n XOR operations to combine an n-bit data block with an n-bit key. An XOR operation is normally the only unit where the key is applied. The other components are normally based on predefined functions. Another component found in some modern block ciphers is the circular shift operation. The swap operation is a special case of the circular shift operation where the number of shifted bits k = n/2. The split operation splits an n-bit word in the middle, creating 2 equal-length words. The combine operation concatenates 2 equal-length words, each of size n/2 bits, to create an n-bit word.
Traditional Symmetric-Key Ciphers (1 of 2)
Obsolete, but can be thought of as components of modern ciphers. There are 2 types: 1. Substitution Ciphers 2. Transposition Ciphers
Digital Signature
Provides message integrity and authentication using a pair of private-public keys. The private key is applied to a signing algorithm to create the digital signature. The public key is applied to the verifying algorithm to authenticate the message. A digital signature is sent separately from the message. A digital signature is only valid for a specific message. Unlike cryptosystems for confidentiality, the private and public keys of the sender are used.
Hash Functions
Takes a message of arbitrary length and creates a digest of fixed length. A compression function with fixed-size input is used a necessary number of times on the variable-length message. It compresses an n-bit string to create an m-bit string where n > m. An example hash function is MD5, which divides a message into 512-bit blocks and creates a 128-bit digest. However, a digest of size 128 bits is too small to resist attack. The Secure Hash Algorithm (SHA) was invented to solve this issue. Misc.: This scheme of taking a variable-length message and dividing it into fixed-length inputs is referred to as an iterated cryptographic hash function.
Asymmetric-Key Ciphers
Uses 2 keys: one private key and one public key. Encryption is done using a public key and decryption is done using the corresponding private key (see image). Plaintext and ciphertext are numbers. Encryption and decryption are mathematical functions that are applied to numbers to create other numbers. A public key is distributed via a public-key distribution channel. This channel must provide authentication and integrity. To communicate with n entities requires n public keys when sending and 1 private key when receiving. Misc.: Required for authentication and digital signatures. Sometimes called public-key ciphers.